Please create an account to cast your vote and join our community!

Cookies

Personalizing site content for users, enabling log term shopping carts and improving site usage are key to providing the public the best possible web experience and these functions are reliant on cookies and other technologies currently limited by various approval requirements. As a result, agencies may end up either forgoing the use, or they seek approval but may not seek to establish additional necessary controls to ensure these technologies are used in the most privacy friendly manner.

The below practical guidelines that could enable the use of cookies to better serve the public as desired by many government web managers. Some of these concepts are already in place at some of the most progressive private sector companies, and government leadership in this area would spur wider adoption of these practices that both optimize the user experience and ensure privacy and transparency in data use.

The current restrictions on cookies and similar technologies be abolished. In their place should be requirements that establish leading practices for such technology practices.

Ensuring that Interactive Tools used by Government Provide Users with Enhanced Transparency and Controls for Data Collection and Retention

Analytics, Research or Others Using Cookies, Tracking Pixels or Other Tools

1. Delete log-files after a defined period of time.

a. Data rention periods for “non-personal” log-files vary widely across vendors, are not publicly disclosed and are rarely committed to contractually.Establish requirements of data destruction periods for logfile data collected by analytics and other vendors.

2. Cookies should have limited expiration periods and should not be used to store information unprotected.

3. IP addresses logged by vendors should be obscured or deleted as soon as possible.

a. Some vendors can use and then immediately scramble IP addresses as they log them. Require this of all except vendors providing audit or security tools.

4. The use of the tools and user options should be transparent and prominently explained - outside of the site privacy policy.

5. Have vendors use an assigned “first party” White House domain for analytics, rather than their own “third party” domain, to avoid potential for unwanted correlation.

6. Require contractual representations barring use of data for purposes other than services contracted, other than aggregate reporting.